06-18-2018
02:51 PM
Geoffrey Shelton Okot, thanks for your answer. Unfortunately for me, it leads to more (inner) questions 😉
1) While the client/Kerberos dialogs are well described with a non-encrypted secret key for the client (described in Wikipedia), I have not yet found a description explaining how parties agree to work together when the client side has only an encrypted secret key in a keytab.
2) I don't see why things are improved after encrypting the secret key in a keytab. AFAIU one identity could be stolen by copying a keytab, and in that case, having a secret key inside the keytab, encrypted or not, does not look like it changes anything related to keytab copy protection.
Some things are still obscure to me. About (1): do you have any link pointing to a detailed protocol description for working with an encrypted secret key in a keytab? Thanks again.
05-21-2018
06:32 PM
2 Kudos
Hello @Dominique De Vito. Yes, Knox does work with an unsecure Hadoop cluster, and yes, you can use KnoxSSO with an unsecure cluster as well.
03-19-2018
01:21 PM
@dvillarreal Oops, I missed those. Thanks for pointing me to the policy change/update traces/audits.
01-31-2018
12:13 PM
1 Kudo
Almost all the tools that use authorization are based on usernames to authorize. I.e. in Ranger you configure a username to allow access. And most of the tools could use an authorization different to Kerberos, so all of them need a mapping from the Kerberos principal to a username. If you have configured SSH to accept Kerberos authentication, the system still needs to know which user has been authenticated, i.e. to determine the home dir and to start the user-specific environment.
01-23-2018
03:53 PM
Hi Dominique, yes, that's correct.